To: gdb-patches@sourceware.org
Cc: Benjamin Berg
Subject: [PATCH] nat: linux-namespaces: Also enter user namespace
Date: Tue, 21 Mar 2023 13:01:26 +0100
Message-Id: <20230321120126.1418012-1-benjamin@sipsolutions.net>
X-Patchwork-Id: 66678
From: "Terekhov, Mikhail via Gdb-patches"
Reply-To: benjamin@sipsolutions.net

From: Benjamin Berg

The use of user namespaces is required for normal users to use mount namespaces. Also entering the user namespace means that a normal user can debug processes created that way.

--- gdb/nat/linux-namespaces.c | 19 ++++++++++++++++--- 1 file changed, 16 insertions(+), 3 deletions(-) diff --git a/gdb/nat/linux-namespaces.c b/gdb/nat/linux-namespaces.c index 4b1fee18425..95277b403d7 100644 --- a/gdb/nat/linux-namespaces.c +++ b/gdb/nat/linux-namespaces.c @@ -880,11 +880,12 @@ enum mnsh_fs_code static enum mnsh_fs_code linux_mntns_access_fs (pid_t pid) { - struct linux_ns *ns; + struct linux_ns *ns, *ns_user; struct stat sb; struct linux_mnsh *helper; ssize_t size; - int fd; + int fd, fd_user = -1; + int result, error; if (pid == getpid ()) return MNSH_FS_DIRECT; @@ -901,6 +902,8 @@ linux_mntns_access_fs (pid_t pid) { int save_errno = errno; close (fd); + if (fd_user >= 0) + close (fd_user); errno = save_errno; }; 
@@ -910,13 +913,23 @@ linux_mntns_access_fs (pid_t pid) if (sb.st_ino == ns->id) return MNSH_FS_DIRECT; + ns_user = linux_ns_get_namespace (LINUX_NS_USER); + if (ns_user != NULL) + fd_user = gdb_open_cloexec (linux_ns_filename (ns_user, pid), O_RDONLY, 0).release (); + helper = linux_mntns_get_helper (); if (helper == NULL) return MNSH_FS_ERROR; if (sb.st_ino != helper->nsid) { - int result, error; + /* Try to enter user namespace */ + if (fd_user >= 0) + { + mnsh_send_setns (helper, fd_user, 0); + if (mnsh_recv_int (helper, &result, &error) != 0) + warning (_("Could not enter user namespace")); + } size = mnsh_send_setns (helper, fd, 0); if (size < 0)
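Review bot: The manual `close (fd_user)` added to the cleanup block in the `@@ -901,6 +902,8 @@` hunk is only needed because the descriptor is detached with `.release ()` where it is opened. Keeping the object returned by `gdb_open_cloexec` in a local for the lifetime of the function would close the descriptor on every return path and make the `if (fd_user >= 0) close (fd_user);` pair unnecessary.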
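Review bot: In the `@@ -910,13 +913,23 @@` hunk, the return value of `mnsh_send_setns (helper, fd_user, 0)` is discarded and only the return of `mnsh_recv_int` is tested, so `result` and `error` from the helper's setns call on the user namespace are never examined. A helper that replies normally but reports a failed setns produces no warning, and after a failed send the receive runs against a request that was never delivered. Suggest mirroring the mount-namespace path that follows: test `size < 0` after the send, then warn (including `error`) when `result != 0`. The block is also gated only on `sb.st_ino != helper->nsid`, which compares mount namespace ids; there is no matching comparison for the user namespace, so the user-namespace switch is attempted even when the helper may already be in it. Style: the `fd_user = gdb_open_cloexec (...)` line runs past 80 columns, and the new comment should end with a period and two spaces per GNU style.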